Digital Forensics, Incident Response & Data Breach Management Services

INCIDENT RESPONSE
01223 298 338

About Us

3B Data Security is an approved PCI SSC PCI Forensic Investigator (PFI) and Qualified Security Assessor Company (QSAC). Specialising in digital forensics, incident response and data breach management services to all types of public and private sector organisations; such as retail, financial, ecommerce, utility companies and government institutions.

Having worked in the digital forensics and the IT security industry for over a decade, specialising in forensic incident response, PCI DSS, PCI forensic investigations and data breach investigations; 3B Data Security has extensive knowledge of how to prevent, manage and forensically investigate incidents of data compromise and support organisations mitigate against the risk of being hacked or recover from incidents and prevent their reoccurrence.

Over this time 3B Data Security staff have built close relationships with organisations like the Payment Card Industry Security Standards Council (PCI SSC), the UK acquiring banks, credit card schemes and law enforcement agencies. 3B Data Security is an approved PCI SSC Qualified Security Assessor Company (QSAC) and an approved PCI SSC PCI Forensic Investigator (PFI) Company.

The years of experience in forensically investigating data breaches has led to the development of services like the Cyber Security Incident Response Retainer Service (CSIRRS) which proactively supports all types of organisations before an incident occurs, as well as to help prevent and react most efficiently if one does.

Staff have worked in Law Enforcement High-Tech Crime Units, Counter Terrorism Units and specialist security consultancy firms and are specialists in reacting to forensic computer incident response situations and helping organisations contain and forensically investigate data compromises. In addition to this 3B Data Security offer incident response planning and preparation consulting, data compromise mitigation, security training (inc. first responder, table top mock breach exercises & security awareness), incident response retainer services, PCI DSS consulting and penetration testing.

Services

3B Data Security offer a range of Digital Forensics, Incident Response and Data Breach Management Services. Alongside this 3B Data Security can help you track down your unencrypted cardholder and personal data, provide bespoke security related training on topics like Forensic Incident Response, First Responder and Data Breach Awareness Training. We also deliver Data Breach Table Top Mock Exercises, PCI DSS Consultancy, and can be on-call 24 by 7 to help manage your Cyber Security or Forensic Incidents as part of the proactive Retained Services offering.

INCIDENT RESPONSE
01223 298 338

If you have a cyber security incident, believe you are under attack or have been compromised, then call us immediately for assistance on 01223 298 338 or email us at IR@3BDataSecurity.com

Cyber Incident Response and Forensic Data Breach Investigation Services

Cyber Incident Response & Forensic Data Breach Investigation

3B Data Security staff have extensive experience in this area having been involved in investigating payment card data breaches for the acquiring banks and credit card schemes since 2007, which is prior to the Payment Card Industry Security Standards Council (PCI SSC) taking responsibility for the PCI Forensic Investigator (PFI) programme from Visa (QIRA) and MasterCard (QFI).

Read More

During this time the scope, scale and complexity of attacks have evolved and as the Security landscape moves, the hackers move with it, often circumventing and exploiting the new security controls implemented by the IT security professionals.

3B Data Security staff have a wealth of experience and expertise having been exposed to a plethora of different incident response scenarios and forensic data breach investigations, - ranging from a cottage industry business run from a home garage to multi-national cross-border blue chip organisations.

Other examples include utility providers, financial service institutions, insurance underwriters, hoteliers, hosting companies, level one merchant retailers, payment service providers, online retailers, gambling/gaming companies and motor manufacturers. We have also worked with and for law-enforcement agencies, the Information Commissioners Office (ICO) and with legal/litigation teams within law firms and solicitors.

Staff members have been certified under the CREST Cyber Security Incident Response (CSIR) scheme and hold the CREST Certified Incident Manager (CCIM) accreditation. In addition, they have also been certified as Core PCI Forensic Investigators (PFI) and Qualified Security Assessors (QSA) by the PCI Security Standards Council.

If you have a cyber security incident, believe you are under attack or have been compromised, then call us immediately for assistance on 01223 298 338 or email us at IR@3BDataSecurity.com.

If you want to take a more proactive and pragmatic approach whilst benefitting from the knowledge and years of experience which the 3B Data Security team possess, then why not speak to us about our Cyber Security Incident Response Retainer Service (CSIRRS). CSIRRS will help arm and prepare your business or organisation with the skills and resources needed to react and respond to a cyber security incident efficiently as it provides you with a 24/7 on-call support helpline, pre-agreed consultancy rates and methodologies, signed contracts and legal documents and proactive security reviews and information sharing sessions.

Read Less

Cyber Security Incident Response Retainer Service (CSIRRS) & Digital Forensic Retainer Service (DFRS)

Cyber Security Incident Response Retainer Service (CSIRRS) & Digital Forensic Retainer Service (DFRS)

Is your organisation equipped with the resources and expertise to deal with an urgent cyber security incident or forensic investigation? Do you know which systems store your sensitive data or how to deal with the continuity of evidence? Can you make the correct decisions for the business whilst ensuring you act in a timely but independent and transparent manner? Are you governed by industry regulators, standardisation bodies, legal contracts or even law enforcement agencies? Will they wish to see the reasons for the steps you took, the decision you made and the conclusions you drew? Will you or your organisation be penalised, fined or face litigation if it all goes wrong?

Read More

What would your customers say if they found their data posted on a hacker forum and believed you were the source?

Would you know how to respond if the 10 o’clock news called you for a statement on your data breach?

If you have any doubt to even one of the answers above, then you need sign up to 3B Data Security’s Cyber Security Incident Response Retainer Service (CSIRRS) immediately.

After many years dealing with all types of cyber security incidents and urgent forensic investigations, 3B Data Security have formulated a proactive incident response retainer service that aims to resolve many common problems faced by organisations suffering a data compromise. In effect you learn from all the mistakes made by others before you.

The service is tailored to your organisation and allows you to rest easy knowing help is always on hand and proactive measures are taken to help reduce risk in advance. The service includes:

The advantages to your business or organisation include:

If you want to focus on running your business not on reacting to a forensic or cyber incident; proactively improve the response and investigation process, learn from others mistakes and protect your reputational brand and your customer relations, then sign up to the Retainer Service.

Read Less

PCI DSS Compliance & PCI Forensic Investigator (PFI) Services

PCI DSS & PCI Forensic Investigator (PFI) Services

3B Data Security are one of only a handful of globally approved PCI PFI companies certified by the PCI SSC and payment card brands to help merchants recover from, and forensically investigate a compromise cardholder data. Whether you are eligible for a PFI Lite investigation or need assistance with a (full) PFI Investigation, 3B Data Security is perfectly suited to resolve the situation for you.

Read More

Alongside this 3B Data Security is an approved PCI SSC Qualified Security Assessor Company (QSAC), which enables us to perform PCI Compliance consulting, advisory and audit services to help merchants obtain certification against the Payment Card Industry Data Security Standard (PCI DSS).

Senior team members have been Qualified Security Assessors (QSA) since 2008 and have been investigating cardholder data compromises for Visa and MasterCard since 2007, then subsequently becoming Core PCI Forensic Investigators (PFIs) when the PCI Security Standards Council formed the PCI PFI Program in 2011.

Staff have investigated hundreds of cardholder data breach investigations for all types of organisations large, medium and small, in numerous different environments with ever changing technologies. Additionally the knowledge, experience and relationships gained from being a part of the payment card industry for this length of time helps to distinguish 3B Data Security as a trusted, credible and reliable PCI partner.

If you have suffered a PCI data breach, if you need to obtain or maintain PCI Compliance or simply want to benefit from our years of knowledge in conducting data compromise investigations, then get in contact and we can help you.

Read Less

Incident Response Consulting, First Responder Training and Table Top Exercises

PCI DSS & PCI Forensic Investigator (PFI) Services

Whether you need help writing an incident response plan for your business, review existing security response policies and procedures or need help ensuring your staff are adequately trained to respond, 3B Data Security has the experience that can help you.

Read More

We offer tailored first responder and breach management training to both technical and management level staff, based on industry best practise and years of conducting real incident response investigations. The training gives an insight to what will happen when an incident occurs, how you should respond, but more importantly you will be educated with lots of preventative advice, best practise and real life response hints and tips.

Do you want to learn, practise and play out your incident response policies and plans? Perhaps test your staff’s reaction to an incident or simply see what could happen within your organisation (if) when you do get hacked? But don’t want to wait for the hackers to do it for real?

Then utilise the years of knowledge 3B Data Security has in helping businesses react and recover from real life hacking incidents by undertaking a number of ‘mock’ incident response table top exercises. You will be lead through a number of incident scenarios, and as they play out, your people, processes and technologies will be tested in a controlled environment in order to highlight any discrepancies so they can be evaluated, educated and remediated, without the time-critical pressures you face whilst dealing with an actual incident at the same time.

We also offer a Computer Incident Response Public Relations (PR) Planning and Preparation Workshop which helps the business prepare the right PR responses to an incident, find gaps in the current PR Action Plan and deduce a list of playbook scenarios that may need to be considered for creation or amendment. These could be anything from how and when to inform Law Enforcement agencies, first line support / call centre staff, internal development staff, the media, website updates, social media posts, third-parties, acquiring banks or regulators.

Read Less

Digital Forensic Investigations

Digital Forensics Investigations

Digital Forensics is at the core of many of the services which 3B Data Security has to offer, - our staff have given evidence on forensic cases and acted as expert witnesses in court, often liaising with legal counsel and lawyers to turn the often complex world of digital evidence into clear, concise and easily understandable information.

Read More

3B Data Security staff have conducted both civil and criminal forensic investigations including intellectual property theft, HR / employee misconduct, computer misuse, fraud, money laundering, terrorism, cyber-crime/hacking, malware and financial litigation.

In addition to traditional forensic investigation, 3B Data Security have worked with insurance companies to validate their claims management process, conduct pre-assessment and risk validation for policy underwriters and conduct forensic training courses for corporate IT teams.

In our experience, most digital forensic investigations are initiated reactively, unexpectedly and are often very urgent and time critical. It is with this in mind that the proactive Digital Forensic Retainer Service (DFRS) has been created to help deal with these points and balance the unknown urgency of an incident and increase the ability for the forensic investigation to be conducted as efficiently and quickly as possible so the best outcome can be established. This includes understanding the gaps and weaknesses in the policies and processes, educating staff and first responders, agreeing all the commercials, legal documents and logistics in advance of any potential incident or forensic investigation requirement.

The time saved in understanding the methodologies, agreeing the terms and conditions or simply just knowing who to call could be the difference between a satisfactory conclusion and losing the evidence, losing the case, losing finances and even losing the business’s reputational brand.

Read Less

Cardholder Data & Personally Identifiable Information (PII) Discovery

Cardholder Data & Personally Identifiable Information (PII) Discovery

Storage and processing of client sensitive data, such as private personal information such as customer names, addresses, bank account details or credit card numbers have many commercial, legal and regulatory implications upon the processing entities.

Read More

If this data is compromised, inadvertently leaked, misplaced or simply stored longer than it should be, the processing entities run the risk of non-compliance and substantial fines from regulators such as the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and Credit Card Schemes like Visa, MasterCard, JCB, Discover and American Express.

This is in addition to the reputational risk and brand damage that is caused when an entity hits the news and it is made public that they have suffered a suspected or confirmed data breach. Trying to recover customer confidence and rebuild the reputation in a brand that has been a victim of a data breach is not a simple task, and could be crippling to a business’s future.

Under the Payment Card Industry Data Security Standard (PCI-DSS) and the Data Protection Act (DPA), certain types of data storage are not recommended at all or are prohibited. This data is often stored, be that on purpose, for testing and development of systems, inadvertently by errors in design and coding, legacy systems that have not been fully decommissioned or even stored on legitimate systems by hackers in order to harvest data during an attack.

After managing and forensically investigating hundreds of data breaches over the past decade, 3B Data Security have seen all variations on why data is stored and ultimately compromised by attackers, especially unencrypted cardholder information such as a Primary Account Numbers (PAN), CVV/CVC, cardholder names and addresses.

By proactively searching for unencrypted cardholder data across the computer network environment this data can be located, verified, securely erased and the processes that allow the data to be stored in the first place fixed for the future. This will help your business mitigate against the risks of storing unencrypted cardholder and PII data going forward.

Read Less

Contact

If your query is non urgent, please fill in the form below and we will get back to you as soon as we can.

Telephone: 01223 298 333
Email: info@3BDataSecurity.com

Incident Response: 01223 298 338
Incident Response: IR@3BDataSecurity.com

Careers

We are always looking for talented and enthusiastic people to join the team.

If you have a passion for forensics, incident response and information security then send us your CV and covering letter to Jobs@3BDataSecurity.com

3B Data Security offer a range of Digital Forensics, Incident Response and Data Breach Management Services. Alongside this 3B Data Security can help you track down your unencrypted cardholder and personal data, provide bespoke security related training on topics like Forensic Incident Response, First Responder and Data Breach Awareness Training. We also deliver Data Breach Table Top Mock Exercises, PCI DSS Consultancy, and can be on-call 24 by 7 to help manage your Cyber Security or Forensic Incidents as part of the proactive Retained Services offering. 3B Data Security is an approved PCI SSC Qualified Security Assessor Company (QSAC) and an approved PCI SSC PCI Forensic Investigator (PFI) Company.

Vacancies

Due to our continued business expansion, 3B Data Security LLP are now looking to recruit an experienced and highly-motivated Cyber Forensic Incident Response Investigator to join our rapidly growing team. This is an exciting and fantastic career opportunity to join 3B Data Security, an approved PCI SSC Qualified Security Assessor Company (QSAC), PCI Forensic Investigator (PFI) and specialist Cyber Security consultancy and provider of digital forensics, incident response and data breach management services.

Senior QSA Information Security Consultant (PCI QSA / ISO 27001 / GDPR)

You should be knowledgeable within the Information Security sector and already be a QSA (PCI DSS and/or PA DSS, P2PE), self-motivated and client-facing, with professional services experience and an established background in providing security consulting to both corporate and SME clients.

Read More

Key responsibilities for the role will include delivering:

The successful candidate should have the following experience and key skills:

Additionally an understanding and experience of GDPR and/or ISO 27001 will be advantageous.

The role is flexible in that it can be either home or office (Cambridge) based, with client site visits throughout the UK and Europe. Salary and package will be dependent on previous experience, attitude and future potential to grow within the role/company.

If you are interested in finding out more information regarding this exciting opportunity, then please send your CV and a covering letter (demonstrating why you are the right candidate) to: Jobs@3BDataSecurity.com

Read Less

Cyber Forensic Incident Response Investigator

This role is for an experienced consultant who has a strong background in digital forensics along with understanding of one or more of the following areas: computer security, penetration testing, programming, Incident Response, PCI-DSS QSA / PFI, or Cyber Security Training.

Read More

The candidate will need to have a good consulting background, be at ease when dealing with customers, be self-motivated and able to work unsupervised and deal with incidents at short notice.

Salary and package will be dependent on previous experience, attitude and future potential, the role will be based predominantly from the Cambridge office, with some home working where necessary, and will involve some travel throughout the UK and Europe.

The role can and will encompass a variety of topics including PCI DSS, security training, incident response, digital forensics, PCI and corporate breach investigations. Anything from forensic investigative tasks, conducting ‘on-site’ consultancy, acquisition of forensic evidence, report writing, developing new business, training clients, writing code and hacking code.

Other topics you may get exposed to include security assessments, malware analysis, litigation support, cardholder data discovery, penetration testing, code analysis, program tool development and training.

Where required training and hands on practical work in the areas of information security, forensics, and PCI-DSS will be provided, however this role is for an experienced forensic professional. Applicants must be flexible, proactive, self-starting and able to work as part of a team and independently.

The following skills are essential, applicants should have experience of commercial digital forensics, incident response, general information security as well as:

The following skills are desirable but not essential:

If you are interested in finding out more information regarding this exciting opportunity, then please send your CV and a covering letter (demonstrating why you are the right candidate) to: Jobs@3BDataSecurity.com

Read Less